Author: djoume-guest Date: 2005-02-19 12:38:01 +0100 (Sat, 19 Feb 2005) New Revision: 450 Modified: sarge-checks/CAN/list Log: * processed my block Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-19 10:27:20 UTC (rev 449) +++ sarge-checks/CAN/list 2005-02-19 11:38:01 UTC (rev 450) 
@@ -10,114 +10,113 @@ NOTE: reserved CAN-2005-0464 NOTE: reserved -begin claimed by djoume CAN-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...) - TODO: check + NOTE: I think we are vulnerable but upstream only fixed it in alpha version of jspwiki + NOTE: I have mailed maintainer about this. -- Djoume CAN-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...) - TODO: check + NOTE: not-for-us (KorWeblog) CAN-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...) - TODO: check + NOTE: not-for-us (Soldier of Fortune) CAN-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...) - TODO: check + NOTE: not-for-us (SecureCRT) CAN-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...) - TODO: check + NOTE: not-for-us (ZyXEL Routers) CAN-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...) - TODO: check + NOTE: not-for-us (Halo: Combat Evolved) CAN-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...) - TODO: check + NOTE: not-for-us (PHPKIT) CAN-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...) - TODO: check + NOTE: not-for-us (PHPKIT) CAN-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...) - TODO: check + NOTE: not-for-us (Invision Power Board) CAN-2004-1535 (PHP remote code injection vulnerability in admin_cash.php for the Cash ...) - TODO: check + NOTE: not-for-us (Cash Mod module of phpbb2 not in Debian) CAN-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...) - TODO: check + NOTE: not-for-us (ZoneAlarm) CAN-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...) - TODO: check + NOTE: not-for-us (DMS POP3) CAN-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...) 
- TODO: check + NOTE: not-for-us (AppServ) CAN-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...) - TODO: check + NOTE: not-for-us (Invision Power Board) CAN-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...) - TODO: check + NOTE: not-for-us (PHP-Nuke) CAN-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...) - TODO: check + NOTE: not-for-us (PHP-Nuke) CAN-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...) - TODO: check + NOTE: not-for-us (PHP-Nuke) CAN-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...) - TODO: check + NOTE: not-for-us (MSIE) CAN-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...) - TODO: check + NOTE: not-for-us (Hired Team) CAN-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...) - TODO: check + NOTE: not-for-us (Hired Team) CAN-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (Hired Team) CAN-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...) - TODO: check + NOTE: not-for-us (Hired Team) CAN-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...) - TODO: check + NOTE: not-for-us (Army Men RTS) CAN-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...) - TODO: check + NOTE: not-for-us (Eudora) CAN-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...) - TODO: check + NOTE: not-for-us (IPSwitch IMail) CAN-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...) - TODO: check + NOTE: not-for-us (phpBugTracker) CAN-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...) 
- TODO: check + NOTE: not-for-us (Phorum) CAN-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...) - TODO: check + NOTE: not-for-us (Zone Labs IMsecure) CAN-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...) - TODO: check + NOTE: not-for-us (phpWebSite) CAN-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...) - TODO: check + NOTE: not-for-us (vBulletin) CAN-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...) - TODO: check + NOTE: not-for-us (04Webserver) CAN-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...) - TODO: check + NOTE: not-for-us (04Webserver) CAN-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...) - TODO: check + NOTE: not-for-us (04Webserver) CAN-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...) - TODO: check + NOTE: not-for-us (Hotfoon) CAN-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...) - TODO: check + - webcalendar 0.9.45-1 CAN-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...) - TODO: check + - webcalendar 0.9.45-1 CAN-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary ...) - TODO: check + - webcalendar 0.9.45-1 CAN-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...) - TODO: check + - webcalendar 0.9.45-1 CAN-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) - TODO: check + - webcalendar 0.9.45-1 CAN-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...) - TODO: check + NOTE: not-for-us (JAF) CAN-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...) - TODO: check + NOTE: not-for-us (JAF) CAN-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...) 
- TODO: check + NOTE: not-for-us (Sun JRE) CAN-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) - TODO: check + NOTE: not-for-us (602 Lan Suite) CAN-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...) - TODO: check + NOTE: not-for-us (602 Lan Suite) CAN-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...) - TODO: check + NOTE: not-for-us (Lithtech) CAN-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...) - TODO: check + NOTE: not-for-us (HELM) CAN-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...) - TODO: check + NOTE: not-for-us (HELM) CAN-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...) - TODO: check + NOTE: not-for-us (Web Forums Server) CAN-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...) - TODO: check + NOTE: not-for-us (Web Forums Server) CAN-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...) - TODO: check + NOTE: not-for-us (WinRAR) CAN-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...) - TODO: check + NOTE: not-for-us (XDICT) CAN-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) - TODO: check + NOTE: not-for-us (Master of Orion) CAN-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...) - TODO: check -end claimed by djoume + NOTE: not-for-us (Master of Orion) CAN-2005-0463 (Unknown "major security flaws" in Ulog-php before 1.0, related to ...) NOTE: not-for-us (ulog-php) CAN-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...) 
@@ -781,9 +780,9 @@ CAN-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...) - postgresql 7.4.7-1 CAN-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...) - TODO: check + NOTE: not-for-us (Yahoo! Messenger) CAN-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...) - TODO: check + NOTE: not-for-us (Yahoo! Messenger) CAN-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...) - squid 2.5.7-7 CAN-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...)
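Review bot: In the first hunk (@@ -10,114 +10,113 @@), CAN-2004-1544 loses its "TODO: check" and gets only two free-form NOTE lines, one saying the package is probably vulnerable and one saying the maintainer was mailed, so nothing but prose marks the entry as still open. Keep a TODO line, or add a package line for jspwiki next to the notes, so the issue stays visible until the maintainer answers. The five WebCalendar entries (CAN-2004-1506 through CAN-2004-1510) are all recorded as "- webcalendar 0.9.45-1" with no NOTE saying where that version came from; a short reference would let the next person verify it. The added notes also spell "04Webserver" where the descriptions use "04WebServer".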
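Review bot: The second hunk (@@ -781,9 +780,9 @@) marks CAN-2005-0243 and CAN-2005-0242 as "not-for-us (Yahoo! Messenger)", but these entries sit far outside the "begin claimed by djoume" / "end claimed by djoume" block that the first hunk closes, and the log only says "processed my block". Mention the two extra entries in the log message, or commit them separately, so the revision history matches what was changed.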